Cloud Security Risk – Malware, Third-Party Plugins, and More

The biannual Netskope Cloud and Threat Report analyses the most interesting trends in the use of cloud services and applications for companies, threats on the web and in the cloud, and migrations and data transfers.

Among the most outstanding conclusions stands out a clear and sustained growth of malware delivered through cloud applications, which now represents 68% of all malware that reaches organizations. 

This increase comes against the continued proliferation of cloud applications at the enterprise level, with adoption increasing 22% during the first six months of 2021. According to the latest research from Netskope, a company with between 500 and 2,000 employees uses an average of 805 different applications and cloud services. 

Of this total, 97% of these applications are “Shadow IT”; they have not been authorized, nor are they covered and protected by corporate IT teams.

However, the use of unauthorized cloud applications is not the only potential threat identified in the report, indicating the need for increased management of authorized cloud applications and IAAS services. Today, more than a third (35%) of all workloads on AWS, Azure, and Google Cloud Platform are “unrestricted,” meaning they are open to public viewing by anyone on the Internet.

The research authors have also identified an emerging attack opportunity in the widespread use (97%) of Google corporate credentials as a convenient shortcut to login into third-party applications. 

When using Google logins as a shortcut, a third-party app asks for several permissions, ranging from “view basic account information” to “view and manage Google Drive files.” Third-party applications that request to view and manage Google Drive files pose a significant threat to corporate data exposure.

“Threat actors strive to stay one step ahead, so we work aggressively to identify potential entry and attack surfaces before can use they can use them regularly and to ensure organizations can safely isolate themselves before a corporate data loss episode,” explains Ray Canzanese, Director of Threat Research at Netskope.

“The research shows that companies need to rethink security based on the reality of using cloud applications. They should favor a security architecture that provides context for apps, cloud services, and web user activity, and applies zero-trust controls to protect data wherever and however it is accessed ». 

Key Takeaways

1. 97% of the cloud apps used in the company are “Shadow IT,” unmanaged and often freely adopted.
2. Third-party app plugins pose serious data risks. 97% of Google Workspace users have authorized at least one third-party app access to their corporate Google account, potentially exposing data to third parties due to scopes like “View and manage your Google Drive files .”
3. The rise of cloud environments exposed to the public creates opportunities for attackers. Over 35% of all workloads are exposed to the public Internet within AWS, Azure, and GCP, with RDP servers – a popular infiltration vector for attackers – exposed in 8.3% of workloads.
4. Malware delivered via cloud apps continues to grow, reaching an all-time high of 68%. Cloud storage apps account for nearly 67% of cloud malware delivery, and malicious Office documents already account for 43% of all malware downloads.
5. Employees attempt to filter significant amounts of work data before leaving their jobs. Departing employees upload three times as much data to personal applications in the last 30 days of work; 15% of that data originates from a corporate application instance or directly violates a corporate data policy. Individual instances of Google Drive and Microsoft OneDrive are the most popular targets.